Unrated severityNVD Advisory· Published Mar 19, 2020· Updated Aug 5, 2024

CVE-2019-20485

Description

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

Affected products

libvirt/libvirtdescription
osv-coords71 versions
pkg:rpm/almalinux/hivex pkg:rpm/almalinux/hivex-devel pkg:rpm/almalinux/libguestfs-winsupport pkg:rpm/almalinux/libiscsi pkg:rpm/almalinux/libiscsi-devel pkg:rpm/almalinux/libiscsi-utils pkg:rpm/almalinux/libnbd pkg:rpm/almalinux/libnbd-devel pkg:rpm/almalinux/libvirt pkg:rpm/almalinux/libvirt-admin pkg:rpm/almalinux/libvirt-bash-completion pkg:rpm/almalinux/libvirt-client pkg:rpm/almalinux/libvirt-daemon pkg:rpm/almalinux/libvirt-daemon-config-network pkg:rpm/almalinux/libvirt-daemon-config-nwfilter pkg:rpm/almalinux/libvirt-daemon-driver-interface pkg:rpm/almalinux/libvirt-daemon-driver-network pkg:rpm/almalinux/libvirt-daemon-driver-nodedev pkg:rpm/almalinux/libvirt-daemon-driver-nwfilter pkg:rpm/almalinux/libvirt-daemon-driver-secret pkg:rpm/almalinux/libvirt-daemon-driver-storage pkg:rpm/almalinux/libvirt-daemon-driver-storage-core pkg:rpm/almalinux/libvirt-daemon-driver-storage-disk pkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi pkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi-direct pkg:rpm/almalinux/libvirt-daemon-driver-storage-logical pkg:rpm/almalinux/libvirt-daemon-driver-storage-mpath pkg:rpm/almalinux/libvirt-daemon-driver-storage-rbd pkg:rpm/almalinux/libvirt-daemon-driver-storage-scsi pkg:rpm/almalinux/libvirt-dbus pkg:rpm/almalinux/libvirt-devel pkg:rpm/almalinux/libvirt-docs pkg:rpm/almalinux/libvirt-libs pkg:rpm/almalinux/libvirt-nss pkg:rpm/almalinux/nbdfuse pkg:rpm/almalinux/nbdkit pkg:rpm/almalinux/nbdkit-bash-completion pkg:rpm/almalinux/nbdkit-basic-filters pkg:rpm/almalinux/nbdkit-basic-plugins pkg:rpm/almalinux/nbdkit-curl-plugin pkg:rpm/almalinux/nbdkit-devel pkg:rpm/almalinux/nbdkit-example-plugins pkg:rpm/almalinux/nbdkit-gzip-plugin pkg:rpm/almalinux/nbdkit-linuxdisk-plugin pkg:rpm/almalinux/nbdkit-python-plugin pkg:rpm/almalinux/nbdkit-server pkg:rpm/almalinux/nbdkit-ssh-plugin pkg:rpm/almalinux/nbdkit-vddk-plugin pkg:rpm/almalinux/nbdkit-xz-filter pkg:rpm/almalinux/netcf pkg:rpm/almalinux/netcf-devel pkg:rpm/almalinux/netcf-libs pkg:rpm/almalinux/ocaml-hivex pkg:rpm/almalinux/ocaml-hivex-devel pkg:rpm/almalinux/ocaml-libguestfs pkg:rpm/almalinux/ocaml-libguestfs-devel pkg:rpm/almalinux/ocaml-libnbd pkg:rpm/almalinux/ocaml-libnbd-devel pkg:rpm/almalinux/perl-hivex pkg:rpm/almalinux/perl-Sys-Virt pkg:rpm/almalinux/python3-hivex pkg:rpm/almalinux/python3-libnbd pkg:rpm/almalinux/python3-libvirt pkg:rpm/almalinux/ruby-hivex pkg:rpm/almalinux/seabios pkg:rpm/almalinux/seabios-bin pkg:rpm/almalinux/seavgabios-bin pkg:rpm/almalinux/sgabios pkg:rpm/almalinux/sgabios-bin pkg:rpm/almalinux/supermin pkg:rpm/almalinux/supermin-devel
< 1.3.18-20.module_el8.3.0+2048+e7a0a3ea+ 70 more
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 8.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 0.2.8-12.module_el8.5.0+2608+72063365
- (no CPE)range: < 0.2.8-12.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1:1.40.2-25.module_el8.3.0+2048+e7a0a3ea.alma
- (no CPE)range: < 1:1.40.2-25.module_el8.3.0+2048+e7a0a3ea.alma
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:0.20170427git-3.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:0.20170427git-3.module_el8.5.0+2608+72063365
- (no CPE)range: < 5.1.19-10.module_el8.5.0+2608+72063365
- (no CPE)range: < 5.1.19-10.module_el8.5.0+2608+72063365

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/mitrevendor-advisoryx_refsource_FEDORA
bugs.debian.org/cgi-bin/bugreport.cgimitrex_refsource_MISC
bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
libvirt.org/git/mitrex_refsource_CONFIRM
security-tracker.debian.org/tracker/CVE-2019-20485mitrex_refsource_MISC
www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1730509.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000